ICAO working to establish aviation cybersecurity framework
Underscoring the inherent value in establishing a global cybersecurity framework for aviation, the president of the ICAO Council, Dr. Olumuyiwa Benard Aliu, welcomed a special commemorative Dubai Declaration which signifies the commitment and unity of the air transport sector towards achieving effective cyber resilience.
The new Dubai Declaration was presented to president Aliu during a special ceremony at the U.N. agency’s inaugural Cyber Summit and Exhibition in Dubai, which ran from April 4-6 and was conducted in close partnership with the General Civil Aviation Authority of the United Arab Emirates.
“New and more sophisticated digital technologies and processes are coming online daily it seems, impacting as they do our network and its relationships with shippers and the travelling public,” President Aliu stressed to the more than 500 experts from 90 countries that attended the ICAO Summit. “What this means for cybersecurity and cybersafety stakeholders is that threats are emerging at an ever-increasing rate.”
At ICAO’s 39th Assembly last October, world governments signalled their awareness and concern on cyber risks and threats through Resolution A39-19 on Addressing Cybersecurity in Civil Aviation. Concerning variations currently persist among States, air navigation service providers, aircraft and airport operators, and others in terms of the cyber mitigation measures being set out – highlighting the need for improved sector-wide collaboration.
“Some may suggest this points to a role for near-term ICAO provisions to be established,” President Aliu continued, “however we are still at too nascent a stage to determine appropriate and practical Standards in the Annexes to the Convention on International Civil Aviation.”
He also noted that civil aviation should continue to appreciate and reinforce the inherent mitigation capabilities of pilots and air traffic controllers, aviation’s traditional ‘first responders’, and highlighted that the sector’s increasing connectivity to external networks, and the use of public communication infrastructure for transmitting data and exchanging information, represent further risks which must be carefully managed.
“The basic interconnectedness we have all grown accustomed to in our day-to-day digital lives is now also a basic characteristic of on-board and ground-based aviation systems,” he remarked. “This makes them potentially vulnerable to outside cyber-attack, and explains why the logical or physical segregation of safety critical systems is a crucial first step for global aviation.”
The conclusions and commemorative Dubai Declaration emerging from the ICAO/UAE Summit will help to establish near-term prioritization of suitable back-up systems and procedures, cyber resilience steps, and security overlays, in addition to the more intensive collaboration needed and clarity on roles and responsibilities.
Much of this strategic planning and guidance will be enshrined in ICAO’s new Global Aviation Security Plan (GASeP), the development of which is being fast-tracked after calls for its accelerated development by world States. The GASeP is expected to be launched by the end of 2017, following a State consultation period.